gpg and TPM

Damien Goutte-Gattat dgouttegattat at
Sun May 9 15:22:39 CEST 2021


On Sun, May 09, 2021 at 10:00:25AM +0000, mailinglisten--- via Gnupg-users wrote:
>I wasn´t aware the TPM has that much space, does the TPM hold really a
>complete key? Does it make sense to use ECC keys to save space on the TPM?

Keys are actually not stored *in* the TPM. When you use the `keytotpm` 
command, the key is encrypted in such a way that it can only be 
decrypted and used by the TPM, but the key is still stored, in this 
encrypted form, as a file under the $GNUPGHOME/private-keys-v1.d 

So there's no need to switch to ECC keys just to “save space on the 
TPM”. You can protect as many RSA keys as you want with the TPM without 
being constrained by space.

- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list